From: [EMAIL PROTECTED]

> > Good job Edmund! This is one of the worst articles on security I
> > have ever read. Talk about missing the point.
>
> Yep, let's do talk about it since I see you as a blind horse that
> misses the point because you cannot read. The title contains the two
> words "patch problems" and that isn't a very strong point of OpenBSD.
> (Obviously because there are not as many developers as other
> distributions have.)
>
> The article is not about the strong points of OpenBSD, pro-active and
> integrated security, it's about patching and updates, a weak point of
> OpenBSD.
I'd love to hear your justification on this statement. Can you defend it? I question how you manage to delineate proactive and integrated security from patching and updates. Do you think there is no overlap? I can point to a page (errata.html) that illustrates the obvious opposite of it. Patches are released for known security and stability issues, and they are released on a timely basis. Very quickly, in most cases.

But maybe you're not talking about that. Maybe you're talking about the "other" bugs out there in the OS that aren't accounted for with a horn-tooting fanfare every time a CVS change is made. In OpenBSD, that is because they don't deserve errata entries; you can just track -current to get them, and only the ones that really matter make it backported to past releases. So is the perceived problem that there aren't as *many* patches released, for every insignificant little bug, like many Linux distros do? Or is your point based on the fact that some applications sit in the ports tree without receiving updates for months, while the same application will be updated multiple times per week in a given Linux distro, matching the release cycle of the upstream project? Is it not obvious that there is little drive on OpenBSD to always have the latest and greatest, bleeding edge version in the tree? That blatant dot-dot-dot updates for piddling reasons aren't the SOP?

In one way, it's not even fair to compare the two platforms the same way. A GNU/Linux distribution is nothing more than a kernel combined with a dumpster full of disparate applications to make some form of a collectively functioning operating system. The packages are actually the core OS. A GNU/Linux distro updates their OS by updating 3rd party applications. *BSD projects don't work that way. There is a defined core OS, and 3rd party garbage is third party garbage. One doesn't overlap the other.

So if a third party package runs into a bug (security, stability, or otherwise), OpenBSD doesn't *have* to scramble to bring the application up to date because it's not wedged into the core OS.

This article *was* incredibly stupid, for the above reasons and more. It takes a stale and uninformed view of patching. The fact that they lumped OpenBSD in as a Linux distro is not only insulting, but ignorant. Does it not occur to folks that many people use OpenBSD not because it is generally and vaguely "secure", but because their patching policy and procedures are in fact well directed and sensible, a good compromise between stability and currency?

DS